home/fs: make hung /mnt/servo/* less impactful (and also more debuggable)

logs now show in /var/log/curlftpfs, when enabled previously unaccessed mounts still time out on first access without net, only it takes 120s instead of the more typical 20s since each mount expires independently, it can still take 15 minutes after 'ls /mnt/servo/media' for that directory to become usable (but at least it *does*)
2024-10-12 03:00:01 +00:00
parent 274a1683eb
commit 758b58cc5e
3 changed files with 10 additions and 3 deletions
--- a/hosts/common/fs.nix
+++ b/hosts/common/fs.nix
@@ -149,7 +149,7 @@ let
    systemdName = utils.escapeSystemdPath mountpoint;
    device = "curlftpfs#ftp://servo-hn:/${subdir}";
    fsType = "fuse3";
-    options = fsOpts.ftp ++ fsOpts.noauto ++ [
+    commonOptions = fsOpts.ftp ++ fsOpts.noauto ++ [
      # drop_privileges: after `mount.fuse3` opens /dev/fuse, it will drop all capabilities before invoking sshfs
      "drop_privileges"
      "auto_unmount"  #< ensures that when the fs exits, it releases its mountpoint. then systemd can recognize it as failed.
@@ -157,8 +157,14 @@ let
      "noauto"
      "nofail"
    ];
+    options = commonOptions ++ [
+      # systemd (or maybe fuse?) swallows stderr of mount units with no obvious fix.
+      # instead, use this flag to log the mount output to disk
+      "stderr_path=/var/log/curlftpfs/${builtins.replaceStrings [ "/" ] [ "-" ] subdir}.stderr"
+    ];
  in {
    sane.programs.curlftpfs.enableFor.system = true;
+    sane.fs."/var/log/curlftpfs".dir.acl.mode = "0777";
    system.fsPackages = [
      config.sane.programs.curlftpfs.package
    ];
@@ -224,7 +230,7 @@ let
        "-o"
        (lib.concatStringsSep "," ([
          "exit_after_connect"
-        ] ++ options))
+        ] ++ commonOptions))
      ];
      serviceConfig.RemainAfterExit = true;
      serviceConfig.Type = "oneshot";
--- a/hosts/common/programs/curlftpfs.nix
+++ b/hosts/common/programs/curlftpfs.nix
@@ -5,5 +5,6 @@
    sandbox.net = "all";
    sandbox.autodetectCliPaths = "existing";
    sandbox.keepPids = true;
+    sandbox.extraPaths = [ "/var/log/curlftpfs" ];
  };
 }
--- a/pkgs/by-name/curlftpfs-sane/package.nix
+++ b/pkgs/by-name/curlftpfs-sane/package.nix
@@ -29,7 +29,7 @@
    owner = "colin";
    repo = "curlftpfs";
    rev = "master";
-    hash = "sha256-bqkRHV4d1y349yIHAtXPMlfWciVCH/geW73id8aJwUs=";
+    hash = "sha256-biPw3Z0RFpdyQb9+2Fl9xOodREpE7j9ezaVAp2WFqzQ=";
  };
  # `mount` clears PATH before calling the mount helper (see util-linux/lib/env.c),
  # so the traditional /etc/fstab approach of fstype=fuse and device = curlftpfs#URI doesn't work.